Lucene search

K
CaddyserverCaddy

7 matches found

CVE
CVE
added 2023/10/10 2:15 p.m.4408 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS
CVE
CVE
added 2022/07/22 3:15 p.m.104 views

CVE-2022-34037

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. Note: This has been disputed as a bug, not a security vulnerability, in the Caddy web server that emerged when an administrat...

7.5CVSS7.2AI score0.00179EPSS
CVE
CVE
added 2023/02/06 11:15 p.m.98 views

CVE-2022-28923

Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.

6.1CVSS6.1AI score0.13247EPSS
CVE
CVE
added 2020/06/15 5:15 p.m.81 views

CVE-2018-21246

Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.

9.8CVSS9.6AI score0.00669EPSS
CVE
CVE
added 2022/06/02 9:15 p.m.73 views

CVE-2022-29718

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

6.1CVSS6.1AI score0.00079EPSS
CVE
CVE
added 2018/11/10 7:29 p.m.44 views

CVE-2018-19148

Caddy through 0.11.0 sends incorrect certificates for certain invalid requests, making it easier for attackers to enumerate hostnames. Specifically, when unable to match a Host header with a vhost in its configuration, it serves the X.509 certificate for a randomly selected vhost in its configurati...

4.3CVSS4AI score0.00167EPSS
CVE
CVE
added 2023/12/10 11:15 p.m.30 views

CVE-2023-50463

The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restri...

6.5CVSS6.3AI score0.00091EPSS